As long as the internet exists, there will be online phishing attempts. Scammers have been refining their skills for years in the race to outsmart roadblocks that prevent them from stealing information. As phishing attempts get more and more sophisticated, businesses need to stay diligent in the fight against online attackers.
“Corruption, embezzlement, fraud, these are all characteristics which exist everywhere. It is regrettably the way human nature functions, whether we like it or not. What successful economies do is keep it to a minimum. No one has ever eliminated any of that stuff,” points out Alan Greenspan, former chair of the Federal Reserve of the United States.
We are also going to cover some of the newer phishing methods and how to prevent them. Keep reading to find out more.
What Is Phishing?
If you are unfamiliar with phishing scams, you’re either really lucky or you haven’t been in business very long. If you receive an email from what appears to be a coworker’s email address that contains a link, beware. These types of emails look legit as they will mirror the email addresses your company actually uses.
“Phishing is a modern-day con game. Emails act as the bait and your data is the prize,” points out Brett Moses, COO of OTTO Quotes.
If you click it, the fraudulent link will direct you to a page that looks exactly like your company’s login page. Once you enter your login information, the scam has been a success and you’ve given the cybercriminal exactly what they were phishing for.
Types of Phishing Attacks
Phishing is becoming the primary method cybercriminals use to steal your information. It remains a major threat to businesses that operate primarily online. Using social engineering, these criminals are finding better and more advanced ways to get ahold of your usernames, passwords, and credit card details.
“In social engineering, fear is one of the most effective psychological factors out there. If people are afraid they can’t make any money or will lose their job, scammers take advantage of the fear,” explains Will Mendez, managing director of the New York City-based cybersecurity firm CyZen.
There are several types of phishing attacks. Each one uses unique methods to achieve whatever the criminal wants to accomplish. Understanding these methods is the best thing you can do to protect yourself. Let’s take a look at some of the most common types of phishing so you and your employees can stay diligent.
1. Phishing Emails
The most common form of phishing is email phishing. It also happens to be the form people tend to fall for the most. Hackers will typically use email to lure people to fake websites that look identical to those of reliable sources.
“Phishing scams are getting better and better by the day. You have to make sure that you and your team are constantly educating themselves about the different types of scams being used,” suggests Shaunak Amin, CEO and Co-Founder of SwagMagic.
These emails can also have attachments that contain malware. If someone were to open these attachments, the attacker could gain access to devices and networks. This enables them to steal sensitive data or disrupt vital services. Here are some of the different types of email phishing attempts that you may encounter:
Office Supply Scams
Scammers will often pose as one of the suppliers you use. They will email you with a reminder that it is time to reorder your normal stock. If you or your staff are tricked into agreeing to this scam, you will either be charged exponentially more than usual, or you will never receive any product in return.
“Scammers are getting really good at looking like people or clients you know and trust. The need to be discerning with online interactions is greater than ever before,” mentions Christian Kjaer, CEO of ElleVet Sciences.
Train your staff to avoid this by informing them of this ploy. Make sure your ordering procedures require a purchase order and signature for each transaction.
One of the more dangerous email scams is the account takeover. This one aims to obtain IDs and passwords for online bank accounts. Once they gain this information, they will start to make withdrawals and purchases.
“All it takes is one stolen password for everything to unravel. Before you know it the hacker has access to all of your accounts, both business and personal,” explains Dr. Michael Green, Chief Medical Officer of Winona.
To avoid account takeovers, make sure you are monitoring your bank accounts daily. This will help you identify unauthorized charges as they occur. Also, set up anti-fraud alerts with your bank for extra security.
Your company most likely has quite a few invoices to pay at the end of the month. This makes it relatively easy for a scammer to slip in a fake one. If your accounting department notices a bill for advertising that never ran or a membership to a nonexistent organization, you’re likely being scammed.
“Cybercriminals rely on passive employees. If your staff isn’t checking every email, text message, or voicemail diligently, they might as well be handing criminals your data,” says Matthew Morein, VP, Brand & Creative at Psycho Bunny, a company known for their chic line of polo shirts for men.
Attackers can even go as far as to get data from your actual suppliers to make the invoices look more legitimate. Make sure your accounting department is up to date on how to identify false invoices.
2. Spear Phishing
Spear phishing is similar to email phishing but more advanced. Most email phishing attempts are sent to a large number of people who are chosen at random. Spear phishing, on the other hand, is specifically targeted and personalized.
“Behind every phishing attempt is a highly skilled and technologically adept cybercriminal. They have way more information about you than you’d ever believe is possible,” mentions Richard Li, Co-Founder of July, a company that offers some of the best carry-on luggage on the market.
Cybercriminals who engage in this type of phishing have researched their victims extensively. They’ve collected personal details from various sources to use in their messages. This makes it even harder for victims to recognize the messages as fraudulent.
Another common phishing attempt is referred to as whaling or CEO fraud. This is where malicious actors make use of social media and your own website to gain information about executives and CEOs. They then use this information to impersonate those executives.
“Beware the wolf in sheep’s clothing. If an email or SMS request sounds even slightly off, go to the source to make sure it actually came from who it says it did,” suggests Anthony Tivnan, President and Co-Founder of Magellan Jets, a company known for their private jet charter flights.
Once criminals are able to mirror a CEO’s email address, they send emails out to those at the company asking them to carry out financial transactions. One easy way to tell if you are on the receiving end of a whaling attack is to look out for a manager who is in a massive rush to carry out a transaction.
Smishing refers to phishing attempts done through SMS. Like email phishing, SMS-based attempts will contain a link or attachment with malicious content. SMS phishing attempts typically come from seemingly trustworthy companies like banks or subscription services.
“You’d be surprised about how many different forms that phishing attempts can come in. Messages can look like they’re from your boss, your bank, or even your mother,” explains Jason Zhang, CTO of Tapin.GG, a company that helps gamers with their LoL boosting services.
Because these attempts are done over text messages, they are often easier to overlook. Make sure you are thoroughly reviewing any SMS messages that contain links before you click them. But a good rule of thumb is to avoid clicking links you weren’t expecting to receive.
5. Angler Phishing
Angler phishing is a newer type of attack that takes advantage of information people post on their social media pages. The attackers use this information to create highly targeted attacks that make the victim feel so secure in the interaction that the thought of a scam doesn’t even cross their minds.
“Phishing attempts really play on human curiosity. Don’t let your natural tendencies get the best of you,” says Miles Beckett, Co-Founder and CEO of Flossy.
Fake URLs, websites, tweets, and instant messages are generated to create a sense of urgency for the victim to fulfill the attacker’s requests. Look out for this type of attack if you use social media profiles to respond to customer complaints or requests.
Preventing Phishing Scams
The good news is that you can do plenty of things to protect yourself from an online attacker. This should include things like improved security measures and employee training. Make sure your network is configured appropriately and you have passwords and firewalls in place.
“If you want to prevent a phishing scam, you need to get your entire team on the same page. If one person slips up, your data will get stolen,” advises Russell Kuwahara, Performance Marketing Manager of simplehuman, a company known for their line of innovative trash can products.
Regular employee training will be key to protecting your information. Careless employees are often a business’s weakest link so make sure you are training them regularly. And most importantly, if you have any doubt, delete the message and move on.